It could be cool to make some Windows API calls to find out what the current app in focus is, and only tweet messages from specific programs (e.g., Skype, AIM, etc.). That’d almost be “useful”, though, and I was aiming more for “ridiculous” :)

@yu: it’s not really a “practical” app, it’s more of an experiment for exploring the difference between “private” and “public” information. I’m also curious about why people post to Twitter in the first place. Maybe it’s comforting to think that our random thoughts are worthwhile? I’m trying to understand these questions better, too.

@sunjester: I feel like hacking our expectations and beliefs (about things like privacy) can be just as essential as technically/scientifically interesting hacks. I agree, just because it tweets doesn’t mean it belongs on Hackaday :) [ditto with anything using an Arduino] But I submitted this project because I thought Hackaday readers might enjoy an old idea (a keylogger) used in an unusual way: to share “private information” on purpose.

Yeah, interesting, but I can’t really see how it could be taken ‘forward’ to some other practical project, not to say it shouldn’t have been tried in the first place.
One thing, make sure the blacklist file is at least encrypted strongly if it’s to hold passwords to filter out. Perhaps a more robust solution would be to not have the pwd in a text file, but compare keystrokes against the Windows SAM database hashes. Maybe. Okay maybe not! ;-)

So, not only does the keylogger grab whatever he types, greatly increasing the chances of that “Oooops” moment … he also hardcoded important critical information into a blacklist? Please tell me he at least hashes the stuff instead of just sticking it in there in plaintext …

@fake51: The blacklist has about 15 entries, where each entry is a piece of a filtered word/number, and they’re permuted so as to be non-adjacent (e.g., the first four digits of my credit card number are not followed by the next four). I’m confident that the code won’t let me post anything it shouldn’t. If you wanted to get the information, you’d either have to steal my computer, crack my computer remotely and acquire the file (and de-permute the relevant keys), or find a way to attack the cURL lib that receives JSON responses from the Twitter API (which is running in a separate process, and returns input that I don’t touch). In other words, it’s about as safe as the “Saved Passwords” feature in Firefox, and more about convenience than security. Even if something got past it, would you really want to wade through hundreds of Twitter posts? :) If you have other ideas, send me an email!
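
The hashed-blacklist idea raised in the comments above, as an added Python example (not part of the original comments and not the project's code): the filter keeps only salted SHA-256 digests of each fragment and masks any matching window of outgoing text. The salt, the fragments, the sample text and all function names are constructed for illustration; the audit helper shows that short digit fragments stay recoverable from such a file by enumeration, so hashing mainly protects long, high-entropy entries.

```python
import hashlib

# Constructed fixed salt so the example is reproducible; use os.urandom(16) in practice.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
# Constructed sample fragments standing in for blacklist entries.
FRAGMENTS = ["4929", "7731", "hunter2"]


def fingerprint(salt: bytes, fragment: str) -> bytes:
    """Salted SHA-256 digest of one fragment (exact, case-sensitive match)."""
    return hashlib.sha256(salt + fragment.encode("utf-8")).digest()


def build_denylist(salt: bytes, fragments):
    """Return {fragment_length: {digest, ...}}; no plaintext is stored."""
    table = {}
    for frag in fragments:
        table.setdefault(len(frag), set()).add(fingerprint(salt, frag))
    return table


def redact(text: str, salt: bytes, table) -> str:
    """Mask every window of `text` whose salted digest is in the denylist."""
    masked = [False] * len(text)
    for length, digests in table.items():
        for start in range(len(text) - length + 1):
            if fingerprint(salt, text[start:start + length]) in digests:
                for i in range(start, start + length):
                    masked[i] = True
    return "".join("*" if hit else ch for ch, hit in zip(text, masked))


def guessable_digit_entries(salt: bytes, table, length: int = 4):
    """Audit helper: digit-only entries recoverable by trying all 10**length values."""
    digests = table.get(length, set())
    candidates = (f"{n:0{length}d}" for n in range(10 ** length))
    return sorted(c for c in candidates if fingerprint(salt, c) in digests)


TABLE = build_denylist(SALT, FRAGMENTS)

if __name__ == "__main__":
    print(redact("my pin is 4929 and pw hunter2!", SALT, TABLE))
    print("entries recoverable by enumeration:", guessable_digit_entries(SALT, TABLE))
```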